CN106845220A - A kind of Android malware detecting system and method - Google Patents

A kind of Android malware detecting system and method Download PDF

Info

Publication number
CN106845220A
CN106845220A CN201510890041.7A CN201510890041A CN106845220A CN 106845220 A CN106845220 A CN 106845220A CN 201510890041 A CN201510890041 A CN 201510890041A CN 106845220 A CN106845220 A CN 106845220A
Authority
CN
China
Prior art keywords
feature
authority
api
sfd
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510890041.7A
Other languages
Chinese (zh)
Other versions
CN106845220B (en
Inventor
张巍
樊春玲
姜青山
任环
蔡芷铃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Institute of Advanced Technology of CAS
Original Assignee
Shenzhen Institute of Advanced Technology of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Institute of Advanced Technology of CAS filed Critical Shenzhen Institute of Advanced Technology of CAS
Priority to CN201510890041.7A priority Critical patent/CN106845220B/en
Publication of CN106845220A publication Critical patent/CN106845220A/en
Application granted granted Critical
Publication of CN106845220B publication Critical patent/CN106845220B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Debugging And Monitoring (AREA)
  • Stored Programmes (AREA)

Abstract

Android malware detecting system and method that the present invention is provided, API feature extractions and authority feature are extracted using characteristic extracting module, the TF-SFD of each API feature and authority feature is calculated according to feature selection module, and sorted from big to small according to the numerical value of TF-SFD, M1 API feature before selection, preceding M2 authority feature constitutes eigenmatrix, the eigenmatrix is trained by class identification module again, obtain disaggregated model, and the sort module is differentiated, above-mentioned detection method is simple, and amount of calculation is small, and Detection results are higher.

Description

A kind of Android malware detecting system and method
Technical field
The present invention relates to software detection technical field, more particularly to a kind of Android malware detecting system and Method.
Background technology
Mobile Malware refers to all malicious operation can be performed on smart mobile phone or tablet PC Application program, can cause system crash, the loss of user's confidential information or leakage.Intelligent terminal and cloud computing With the fusion for accelerating propulsion information technology and the communication technology, mobile Internet high speed development is promoted.With The development of mobile Internet, mobile terminal user colony is increasingly huge.But under the ordering about of economic interests, The quantity of mobile Malware is in explosive growth, and various mobile Malware families are even more ever-changing, sternly The sound development of mobile Internet is threaten again, and very important harm is brought to user and intelligent terminal. The potential safety hazard of Android platform is especially prominent, and report display 96% moves Malware for Android systems System, the Android applications being currently downloaded more than 5,000,000,000 are under the threat of assault.Additionally, The malicious application quantity for being intended to steal Android user's financial information is also rapidly increasing.
The more extensive Android malware detection of research at present includes dynamic analysis and static analysis.Dynamic Analysis is mainly feature when analysis program is run, including system call sequence and data flow etc..These methods The kernel of modification Android system is needed, and brings substantial amounts of real-time calculating.Static detection method is by dividing The source code of application program is analysed, application program is not run.The common static nature of Android platform Malware Have:API features and authority feature.Aafer et al. is extracted API, package and API parameter attributes make Feature is classified with different graders, including ID3, C4.5, k-NN and SVMs.Cen Et al. be extracted API features, and distinguish that model is differentiated using probability.Their use information gains, card Side's inspection carries out assignment to primitive character, and selection numerical value feature high constitutes new characteristic vector, then carries out Detection.
TF-IDF is a kind of information processing technology, is mainly used in the selection of feature.The numerical value of IDF is normal soft It is usually equal in part and Malware, therefore without separating capacity.
The content of the invention
It is an object of the present invention to solve that traditional Android malware detection time is long and accuracy of detection is low Technical problem.
The object of the invention to solve the technical problems is realized using following technical scheme.
A kind of Android malware detecting system, including:
Characteristic extracting module, for extracting API feature extractions and authority feature;
Feature selection module, the TF-SFD for calculating each API feature and authority feature, and according to The numerical value of TF-SFD sorts from big to small, M1 API feature before selection, preceding M2 authority feature composition Eigenmatrix;
Taxonomic history module:The eigenmatrix is trained, disaggregated model is obtained, and to the classification Module is differentiated.
In a better embodiment of the invention, the characteristic extracting module include API characteristic extracting modules and Authority characteristic extracting module.
In a better embodiment of the invention, the API characteristic extracting modules are based on Dedexer instruments, By ordering " java-jar Dedexer.jar-d<directory><dex file>" compile classes.dex file reverses Smali files are translated into, the API features of Android application software are extracted in smali files.
In a better embodiment of the invention, the authority characteristic extracting module passes through decompiling AndroidManifest.xml files extract authority feature, and the software is represented by authority characteristic vector, If the software application authority, 1 is set to;Do not apply for the authority, be then set to 0.
In a better embodiment of the invention, the feature selection module calculates each API by following algorithms The TF-SFD of feature and authority feature,
TF-SFDI, j=TFI, j*SFDi
Wherein:WI, jRefer to ith feature, the number of times occurred in j-th class, N refers to the sum of feature, NiMalRefer to the Malware quantity comprising ith feature, NMALRefer to Malware sum, NiBenIt is bag Normal software quantity containing ith feature, NBenIt is normal software sum.
In a better embodiment of the invention, the taxonomic history module is by random forests algorithm to described Eigenmatrix is trained, and obtains disaggregated model, and the sort module is differentiated.
In a better embodiment of the invention, the class identification module passes through NB Algorithm or support Vector machine algorithm or neural network algorithm or decision Tree algorithms are trained to the eigenmatrix, are classified Model, and the sort module is differentiated.
Additionally, present invention also offers a kind of Android malware detection method, comprising the steps:
Extract API feature extractions and authority feature;
Calculate the TF-SFD of each API feature and authority feature, and according to the numerical value of TF-SFD from big to small Sequence, M1 API feature before selection, preceding M2 authority feature constitutes eigenmatrix;
The eigenmatrix is trained, disaggregated model is obtained, and the sort module is differentiated.
In a better embodiment of the invention, extract API feature extractions and be specially:Based on Dedexer works Tool, by ordering " java-jar Dedexer.jar-d<directory><dex file>" by classes.dex files Smali files are decompiled into, the API features of Android application software are extracted in smali files;
Authority feature is extracted to be specially:Authority feature is extracted by decompiling AndroidManifest.xml files, And represent the software by authority characteristic vector, if the software application authority, it is set to 1;The power is not applied for Limit, then be set to 0.
In a better embodiment of the invention, each API feature and authority feature are calculated by following algorithms TF-SFD,
TF-SFDI, j=TFI, j*SFDi
Wherein:WI, jRefer to ith feature, the number of times occurred in j-th class, N refers to the sum of feature, NiMalRefer to the Malware quantity comprising ith feature, NMALRefer to Malware sum, NiBenIt is bag Normal software quantity containing ith feature, NBenIt is normal software sum.
The present invention has following beneficial effects using above-mentioned technical proposal:
Android malware detecting system and method that the present invention is provided, are extracted using characteristic extracting module API feature extractions and authority feature, each API feature and authority feature are calculated according to feature selection module TF-SFD, and sorted from big to small according to the numerical value of TF-SFD, M1 API feature before selection, preceding M2 Individual authority feature constitutes eigenmatrix, then the eigenmatrix is trained by class identification module, obtains Disaggregated model, and the sort module is differentiated, above-mentioned detection method is simple, and amount of calculation is small, detection Effect is higher.
Additionally, the Android malware detecting system and method for present invention offer are selected according to TF-SFD features Select technology, API features and authority feature quantity can be efficiently reduced, thus reduce training and identification when Between;Meanwhile, invalid feature can be deleted, so as to improve nicety of grading.
Described above is only the general introduction of technical solution of the present invention, in order to better understand technology of the invention Means, and being practiced according to the content of specification, and in order to allow above and other purpose of the invention, Feature and advantage can become apparent, and below especially exemplified by preferred embodiment, and coordinate accompanying drawing, describe in detail such as Under.
Brief description of the drawings
Fig. 1 is the functional block diagram of Android malware detecting system provided in an embodiment of the present invention.
Fig. 2 is the principle schematic of the Android malware detecting system that a preferred embodiment of the present invention is provided.
The step of Fig. 3 is Android malware detection method provided in an embodiment of the present invention flow chart.
Fig. 4 is TF-SFD proposed by the present invention and original TF-IDF contrast schematic diagrams.
Fig. 5 carries out API feature extraction schematic diagrames for the present invention using TF-SFD.
Specific embodiment
For the ease of understanding the present invention, the present invention is described more fully below with reference to relevant drawings. Better embodiment of the invention is given in accompanying drawing.But, the present invention can come in many different forms Realize, however it is not limited to embodiments described herein.On the contrary, provide the purpose of these implementation methods being Make to the more thorough comprehensive of the disclosure understanding.
Unless otherwise defined, all of technologies and scientific terms used here by the article with belong to technology of the invention The implication that the technical staff in field is generally understood that is identical.The art for being used in the description of the invention herein Language is intended merely to describe the purpose of specific embodiment, it is not intended that in the limitation present invention.It is used herein Term " and/or " include one or more related Listed Items arbitrary and all of combination.
Fig. 1 and Fig. 2 is refer to, wherein, Fig. 1 is Android malware inspection provided in an embodiment of the present invention The functional block diagram of examining system, the Android malware detection that Fig. 2 is provided for a preferred embodiment of the present invention The principle schematic of system.The Android malware detecting system that the present invention is provided includes:Feature extraction mould Block 110, feature selection module 120 and taxonomic history module 130.
Wherein, characteristic extracting module 110 is used to extract API feature extractions and authority feature;
Preferably, the characteristic extracting module 110 includes API characteristic extracting modules and authority feature extraction mould Block.
The API characteristic extracting modules are based on Dedexer instruments, by ordering " java-jar Dedexer.jar-d <directory><dex file>" classes.dex files are decompiled into smali files, in smali files Extract the API features of Android application software.
The authority characteristic extracting module extracts authority feature by decompiling AndroidManifest.xml files, And represent the software by authority characteristic vector, if the software application authority, it is set to 1;The power is not applied for Limit, then be set to 0.
It is appreciated that characteristic extracting module 110 can also be an integration module, this is integrated with the API The function of characteristic extracting module and the authority characteristic extracting module, so that there is provided the integrated level of system.
Feature selection module 120 is used to calculating the TF-SFD of each API feature and authority feature, and according to The numerical value of TF-SFD sorts from big to small, M1 API feature before selection, preceding M2 authority feature composition Eigenmatrix.
Preferably, the feature selection module 120 calculates each API feature by following algorithms and authority is special The TF-SFD for levying,
TF-SFDI, j=TFI, j*SFDi
Wherein:WI, jRefer to ith feature, the number of times occurred in j-th class, N refers to the sum of feature, NiMalRefer to the Malware quantity comprising ith feature, NMALRefer to Malware sum, NiBenIt is bag Normal software quantity containing ith feature, NBenIt is normal software sum.
It is appreciated that the present invention uses TF-SFD Feature Selections, API features can be efficiently reduced With authority feature quantity so that reduce training with identification time.
Additionally, the present invention uses TF-SFD Feature Selections, invalid feature can be deleted, so as to improve point Class precision.
130 pairs of eigenmatrixes of taxonomic history module are trained, and obtain disaggregated model, and to described point Generic module is differentiated.
Preferably, the taxonomic history module 130 is instructed by random forests algorithm to the eigenmatrix Practice, obtain disaggregated model, and the sort module is differentiated.
It is appreciated that the present invention is sub to the composite character including Android API and authority using random forests algorithm Collection is classified, and obtains disaggregated model, and the sort module is differentiated, such that it is able to improve movement The precision of Malware identification.
Preferably, the class identification module 130 can also be calculated by NB Algorithm or SVMs Method or neural network algorithm or decision Tree algorithms are trained to the eigenmatrix, obtain disaggregated model, and The sort module is differentiated.
Fig. 3 is referred to, flow the step of be Android malware detection method provided in an embodiment of the present invention Figure, including:
Step S10:Extract API feature extractions and authority feature;
Step S20:The TF-SFD of each API feature and authority feature is calculated, and according to the number of TF-SFD Value sorts from big to small, and M1 API feature before selection, preceding M2 authority feature constitutes eigenmatrix;
Step S30:The eigenmatrix is trained, disaggregated model is obtained, and the sort module is entered Row differentiates.
Android malware detecting system and method that the present invention is provided, are extracted using characteristic extracting module API feature extractions and authority feature, each API feature and authority feature are calculated according to feature selection module TF-SFD, and sorted from big to small according to the numerical value of TF-SFD, M1 API feature before selection, preceding M2 Individual authority feature constitutes eigenmatrix, then the eigenmatrix is trained by class identification module, obtains Disaggregated model, and the sort module is differentiated, above-mentioned detection method is simple, and amount of calculation is small, detection Effect is higher.
Additionally, the Android malware detecting system and method for present invention offer are selected according to TF-SFD features Select technology, API features and authority feature quantity can be efficiently reduced, thus reduce training and identification when Between;Meanwhile, invalid feature can be deleted, so as to improve nicety of grading.
Embodiment
Fig. 4 is referred to, is TF-SFD proposed by the present invention and original TF-IDF contrast schematic diagrams, from figure In as can be seen that using TF-SFD selection authority (Permission) tagsort precision be higher than TF-IDF, When preceding 20 authority features are selected, nicety of grading is more than 84%, close to the authority feature using whole.
Refer to Fig. 5, be that the present invention carries out API feature extractions using TF-SFD, preceding 100 features point Class precision can be higher than using whole features.
Embodiment described above only expresses several embodiments of the invention, and its description is more specific and detailed, But therefore can not be interpreted as the limitation to the scope of the claims of the present invention.It should be pointed out that for this area Those of ordinary skill for, without departing from the inventive concept of the premise, can also make it is some deformation and Improve, these belong to protection scope of the present invention.Therefore, the protection domain of patent of the present invention should be with appended Claim is defined.

Claims (10)

1. a kind of Android malware detecting system, it is characterised in that including:
Characteristic extracting module, for extracting API feature extractions and authority feature;
Feature selection module, the TF-SFD for calculating each API feature and authority feature, and according to The numerical value of TF-SFD sorts from big to small, M1 API feature before selection, preceding M2 authority feature composition Eigenmatrix;
Taxonomic history module, is trained to the eigenmatrix, obtains disaggregated model, and to the classification Module is differentiated.
2. Android malware detecting system as claimed in claim 1, it is characterised in that the spy Levying extraction module includes API characteristic extracting modules and authority characteristic extracting module.
3. Android malware detecting system as claimed in claim 2, it is characterised in that the API Characteristic extracting module is based on Dedexer instruments, by ordering " java-jar Dedexer.jar-d<directory> <dex file>" classes.dex files are decompiled into smali files, extract Android in smali files The API features of application software.
4. Android malware detecting system as claimed in claim 2, it is characterised in that the power Limit characteristic extracting module extracts authority feature by decompiling AndroidManifest.xml files, and by power Limit characteristic vector represents the software, if the software application authority, is set to 1;Do not apply for the authority, then put It is 0.
5. Android malware detecting system as claimed in claim 1, it is characterised in that the spy The TF-SFD that selecting module calculates each API feature and authority feature by following algorithms is levied,
TF-SFDI, j=TFI, j*SFDi
TF i , j = w i , j &Sigma; K N w k , j
SFD i = ( N i M a l / N M A L - N i B e n / N B e n ) 2 N i M a l / N i M A L + N i B e n / N B e n
Wherein:wI, jRefer to ith feature, the number of times occurred in j-th class, N refers to the sum of feature, NiMalRefer to the Malware quantity comprising ith feature, NMALRefer to Malware sum, NiBenIt is bag Normal software quantity containing ith feature, NBenIt is normal software sum.
6. Android malware detecting system as claimed in claim 1, it is characterised in that described point Class identification module is trained by random forests algorithm to the eigenmatrix, obtains disaggregated model, and right The sort module is differentiated.
7. Android malware detecting system as claimed in claim 1, it is characterised in that the class Identification module passes through NB Algorithm or algorithm of support vector machine or neural network algorithm or decision Tree algorithms The eigenmatrix is trained, disaggregated model is obtained, and the sort module is differentiated.
8. a kind of Android malware detection method, it is characterised in that comprise the steps:
Extract API feature extractions and authority feature;
Calculate the TF-SFD of each API feature and authority feature, and according to the numerical value of TF-SFD from big to small Sequence, M1 API feature before selection, preceding M2 authority feature constitutes eigenmatrix;
The eigenmatrix is trained, disaggregated model is obtained, and the sort module is differentiated.
9. Android malware detection method as claimed in claim 8, it is characterised in that
API feature extractions are extracted to be specially:Based on Dedexer instruments, by ordering " java-jar Dedexer.jar -d<directory><dex file>" classes.dex files are decompiled into smali files, in smali files The API features of middle extraction Android application software;
Authority feature is extracted to be specially:Authority feature is extracted by decompiling AndroidManifest.xml files, And represent the software by authority characteristic vector, if the software application authority, it is set to 1;The power is not applied for Limit, then be set to 0.
10. Android malware detection method as claimed in claim 8, it is characterised in that under The TF-SFD that algorithm calculates each API feature and authority feature is stated,
TF-SFDI, j=TFI, j*SFDi
TF i , j = w i , j &Sigma; K N w k , j
SFD i = ( N i M a l / N M A L - N i B e n / N B e n ) 2 N i M a l / N i M A L - N i B e n / N B e n
Wherein:wI, jRefer to ith feature, the number of times occurred in j-th class, N refers to the sum of feature, NiMalRefer to the Malware quantity comprising ith feature, NMALRefer to Malware sum, NiBenIt is bag Normal software quantity containing ith feature, NBenIt is normal software sum.
CN201510890041.7A 2015-12-07 2015-12-07 Android malicious software detection system and method Active CN106845220B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510890041.7A CN106845220B (en) 2015-12-07 2015-12-07 Android malicious software detection system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510890041.7A CN106845220B (en) 2015-12-07 2015-12-07 Android malicious software detection system and method

Publications (2)

Publication Number Publication Date
CN106845220A true CN106845220A (en) 2017-06-13
CN106845220B CN106845220B (en) 2020-08-25

Family

ID=59151367

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510890041.7A Active CN106845220B (en) 2015-12-07 2015-12-07 Android malicious software detection system and method

Country Status (1)

Country Link
CN (1) CN106845220B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107506646A (en) * 2017-09-28 2017-12-22 努比亚技术有限公司 Detection method, device and the computer-readable recording medium of malicious application
CN107729754A (en) * 2017-09-25 2018-02-23 暨南大学 Android malware detection method based on API features
CN107832611A (en) * 2017-10-21 2018-03-23 北京理工大学 The bot program detection and sorting technique that a kind of dynamic static nature combines
CN108985060A (en) * 2018-07-04 2018-12-11 中共中央办公厅电子科技学院 A kind of extensive Android Malware automated detection system and method
CN109344614A (en) * 2018-07-23 2019-02-15 厦门大学 A kind of Android malicious application online test method
CN109753800A (en) * 2019-01-02 2019-05-14 重庆邮电大学 Merge the Android malicious application detection method and system of frequent item set and random forests algorithm
CN109886020A (en) * 2019-01-24 2019-06-14 燕山大学 Software vulnerability automatic classification method based on deep neural network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104376262A (en) * 2014-12-08 2015-02-25 中国科学院深圳先进技术研究院 Android malware detecting method based on Dalvik command and authority combination
CN104750844A (en) * 2015-04-09 2015-07-01 中南大学 Method and device for generating text characteristic vectors based on TF-IGM, method and device for classifying texts
CN104834857A (en) * 2015-03-27 2015-08-12 清华大学深圳研究生院 Method and device for detecting Android malicious software in batch

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104376262A (en) * 2014-12-08 2015-02-25 中国科学院深圳先进技术研究院 Android malware detecting method based on Dalvik command and authority combination
CN104834857A (en) * 2015-03-27 2015-08-12 清华大学深圳研究生院 Method and device for detecting Android malicious software in batch
CN104750844A (en) * 2015-04-09 2015-07-01 中南大学 Method and device for generating text characteristic vectors based on TF-IGM, method and device for classifying texts

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈珉: "基于Android平台的安全检测***", 《中国优秀硕士学位论文全文数据库》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107729754A (en) * 2017-09-25 2018-02-23 暨南大学 Android malware detection method based on API features
CN107506646A (en) * 2017-09-28 2017-12-22 努比亚技术有限公司 Detection method, device and the computer-readable recording medium of malicious application
CN107506646B (en) * 2017-09-28 2021-08-10 努比亚技术有限公司 Malicious application detection method and device and computer readable storage medium
CN107832611A (en) * 2017-10-21 2018-03-23 北京理工大学 The bot program detection and sorting technique that a kind of dynamic static nature combines
CN107832611B (en) * 2017-10-21 2020-12-08 北京理工大学 Zombie program detection and classification method combining dynamic and static characteristics
CN108985060A (en) * 2018-07-04 2018-12-11 中共中央办公厅电子科技学院 A kind of extensive Android Malware automated detection system and method
CN109344614A (en) * 2018-07-23 2019-02-15 厦门大学 A kind of Android malicious application online test method
CN109753800A (en) * 2019-01-02 2019-05-14 重庆邮电大学 Merge the Android malicious application detection method and system of frequent item set and random forests algorithm
CN109886020A (en) * 2019-01-24 2019-06-14 燕山大学 Software vulnerability automatic classification method based on deep neural network
CN109886020B (en) * 2019-01-24 2020-02-04 燕山大学 Software vulnerability automatic classification method based on deep neural network

Also Published As

Publication number Publication date
CN106845220B (en) 2020-08-25

Similar Documents

Publication Publication Date Title
CN106845220A (en) A kind of Android malware detecting system and method
CN104331436B (en) The quick classifying method of malicious code based on family gene code
CN105205397B (en) Rogue program sample sorting technique and device
Jeon et al. Hybrid malware detection based on Bi-LSTM and SPP-Net for smart IoT
CN109753800A (en) Merge the Android malicious application detection method and system of frequent item set and random forests algorithm
CN107315954A (en) A kind of file type identification method and server
KR102007809B1 (en) A exploit kit detection system based on the neural net using image
CN104123501B (en) A kind of viral online test method based on many assessor set
CN108959924A (en) A kind of Android malicious code detecting method of word-based vector sum deep neural network
CN111639337B (en) Unknown malicious code detection method and system for massive Windows software
CN107659570A (en) Webshell detection methods and system based on machine learning and static and dynamic analysis
CN106874761A (en) A kind of Android system malicious application detection method and system
CN106503558A (en) A kind of Android malicious code detecting methods that is analyzed based on community structure
CN106599688A (en) Application category-based Android malicious software detection method
CN109190372A (en) A kind of JavaScript Malicious Code Detection model based on bytecode
CN107368592B (en) Text feature model modeling method and device for network security report
CN109271788A (en) A kind of Android malware detection method based on deep learning
CN107944274A (en) A kind of Android platform malicious application off-line checking method based on width study
CN107180190A (en) A kind of Android malware detection method and system based on composite character
CN106685964A (en) Malicious software detecting method and system based on malicious network flow word library
CN107958154A (en) A kind of malware detection device and method
CN110362995A (en) It is a kind of based on inversely with the malware detection of machine learning and analysis system
CN106778851A (en) Social networks forecasting system and its method based on Mobile Phone Forensics data
CN112016317A (en) Sensitive word recognition method and device based on artificial intelligence and computer equipment
CN105808602B (en) Method and device for detecting junk information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant